• Home
  • Raw
  • Download

Lines Matching refs:to

11 	bool "Restrict unprivileged access to the kernel syslog"
18 	  unless the dmesg_restrict sysctl is explicitly set to (1).
20 	  If you are unsure how to answer this question, answer N.
27 	  This allows you to choose different security modules to be
33 	  If you are unsure how to answer this question, answer N.
46 	  If you are unsure how to answer this question, answer N.
53 	  If enabled, a security module can use these hooks to
55 	  If you are unsure how to answer this question, answer N.
62 	  If enabled, a security module can use these hooks to
64 	  If you are unsure how to answer this question, answer N.
71 	  If enabled, a security module can use these hooks to
75 	  to communicate unlabelled data can send without using
77 	  If you are unsure how to answer this question, answer N.
84 	  If enabled, a security module can use these hooks to
86 	  If you are unsure how to answer this question, answer N.
94 	  Intel(R) Trusted Execution Technology to perform a measured launch
99 	  initial state as well as data reset protection.  This is used to
101 	  helps to ensure that kernel security mechanisms are functioning
108 	  providing such assurances to VMs and services running on it.
113 	  See Documentation/x86/intel_txt.rst for a description of how to enable
116 	  If you are unsure as to whether this is required, answer N.
119 	int "Low address space for LSM to protect from user allocation"
125 	  from userspace allocation.  Keeping a user from writing to low pages
131 	  Programs which use vm86 functionality or have some need to map
132 	  this low address space will need the permission specific to the
148 	  copying memory to/from the kernel (via copy_to_user() and
156 	bool "Allow usercopy whitelist violations to fallback to object size"
161 	  to be discovered via a WARN() to the kernel log, instead of
162 	  rejecting the copy, falling back to non-whitelisted hardened
170 	bool "Refuse to copy allocations that span multiple pages"
175 	  hardened usercopy will reject attempts to copy it. There are,
177 	  been removed. This config is intended to be used only while
178 	  trying to find such users.
203 	  Note, it is up to this single binary to then call the relevant
205 	  passed to it.  If desired, this program can filter and pick
208 	  If you wish for all usermode helper programs are to be
210 	  STATIC_USERMODEHELPER_PATH to an empty string.
213 	string "Path to the static usermode helper binary"
218 	  program is wish to be run.  The "real" application's name will
219 	  be in the first argument passed to this program on the command
222 	  If you wish for all usermode helper programs to be disabled,
238 	prompt "First legacy 'major LSM' to be initialized"
247 	  in old kernel configs to CONFIG_LSM in new kernel configs. Don't